[Webkit-unassigned] [Bug 213120] Cross-origin cookies aren't set in Safari on iOS/macOS and in WKWebView

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 15 11:06:32 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213120

--- Comment #2 from John Wilander <wilander at apple.com> ---
Hi! Thanks for filing!

(In reply to German from comment #0)
> I'm not sure if that's a regression of
> https://bugs.webkit.org/show_bug.cgi?id=200857 and
> https://bugs.webkit.org/show_bug.cgi?id=204109 or not...
> Cookies are just ignored and aren't sent in requests.

Safari blocks all third party cookies by default as part of its Intelligent Tracking Prevention feature (ITP) since our release in March: https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/

> Works fine for cross-subdomain requests like between one.myhost.com and
> two.myhost.com but doesn't work between fully different domains like
> one.myhost.com and some.other.org.
> BTW, I only checked that it doesn't work for sites that have different TLDs,
> not sure if the bug applies to sites with equal TLDs but different SLDs
> 
> I can reproduce it in Safari and Safari TP on macOS X 10.15.5 and in Safari
> and WKWebView on iOS 13.5.1

WKWebView should not be seeing the same behavior since ITP is not enabled for it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200615/0f6e6bdd/attachment.htm>


More information about the webkit-unassigned mailing list